“You’ve got mail.” Remember when that was a good thing? Unfortunately, it now often means you’re someone’s target. Some are obvious. No Nigerian prince wants to send you buckets of money for a favor. Others are more subtle. So how do you identify scams? Here are some tips:
- Never click on embedded links or open suspicious attachments. One common scam involves hacking an individual’s email account to steal address lists. If you receive an email from someone you know, but it only contains one line, a link to another site, don’t click on it. Likewise, never open an attachment. Instead, if you’re not sure it’s legitimate, contact the sender separately asking if he/she sent the original email or if it was an address book theft.
- Don’t react to threats. Another popular scam is a threat that your account will be closed if you don’t respond to the email. Cybercriminals often use threats that your security has been compromised and ask you to click on a link to update your profile. If the threat comes from a company with which you have no relationship, it’s easy. Hit ‘Delete.’ However, if the email seems to be from a legitimate company, contact that company via a separate action, like logging onto the company’s website or calling the company to inquire about the email. You can also hover your cursor over the link to see the address of the site to which you’ll be redirected.
- Be suspicious of spelling and grammar errors. Legitimate businesses have staff who proofread mass emails carefully before they are released. Cyber attackers are not known for their grammar and spelling.
- Be savvy about emails that solicit donations of goods or money. As a business owner, develop good practices about charitable donations, and never respond to an email-only solicitation.
But it’s not just email. As business owners, you also need to have strong credit card acceptance policies, particularly telephone orders. Non-face-to-face purchases are common, but the credit card companies have given you some tools to protect your business.
- Ask for the cardholder’s Card Verification Value/Code (CVV/CVC). These are the 3 or 4 digit numbers that are printed on the payment card (3 digits for Visa, MasterCard, and Discover and 4 digits for American Express). Payment account numbers can be stolen, but CVV/CVC numbers are generally only known if the card is physically in hand.
- Perform an Address Verification. In a non-face-to-face environment, always obtain the cardholder’s physical mailing address and include the appropriate data when running the credit card authorization.
- Match purchases and credits. The card association rules state that if a refund is to be made, it must be processed on the same payment card as was used for the original purchase. One scam we’ve recently heard about is an individual calling in a substantial order and then calling back later to cancel the order but providing a different account number for the refund. Do not fall prey.